With the proliferation of inexpensive handheld communications devices such as mobile phones, texting has become a popular way to communicate. Based on the “Short Message Service” (“SMS”) standardized by GSM wireless telephone network carriers worldwide since the mid-1980's, texting involves sending a message containing a maximum, relatively small number of characters (for example, 140 bytes or 160 7-bit characters in one non-limiting scenario) per message based on standard alphabets. Other data messaging services such as Twitter similarly constrain message length, e.g., to 140 characters. Certain other messaging standards such as MMS permit transmission of a variety of other data such as multimedia.
Short messaging offers numerous advantages in terms of transport efficiency, succinctness and convenience, but there can be problems with security. Most short messages are sent and received in unsecured form. Interception by unauthorized people and spoofing are two of the problems that can arise from insecure short messaging. Hacking of insecure text messaging has caused numerous high-profile scandals and information leaks. Additionally, texting could be a valuable tool for law enforcement, the military and other government agencies if adequate end-to-end security could be provided.
While it would be highly desirable to secure short messaging, there are challenges to doing so. In particular, the short length, insecurity of the communications networks used to transport the messages and the relatively low processing power available on many devices commonly used to exchange short messages all present obstacles to introducing secure SMS or other secure short messaging.
Most secret or secure messaging is based on the concept of a “shared secret” that only the sender and receiver know. Such a shared secret can be a code book, a cryptographic key for the day or the session, a pseudorandom cryptographic key generated independently by each of the sender and the receiver based on shared “seed” data, or a variety of other mechanisms.
The output of a strong cryptographic process based on the aforementioned “shared secret” is potentially a stream of information that is unintelligible unless one has access to the keys used to encode the data. For example, the message “The lazy fox jumped over the brown dog” when encrypted might appear as something like “¨PGPÁÁN {53¢ ¢æó ÿl,0 ′ã“FEã+‡yø°ê¾Ëœ‡ CoÏ%T+Ò?+ÿ/[t ò ˜””. Such an encrypted message—which does not appear to be any natural language and thus discloses to any reviewer that it is a “machine” or coded construct rather than a natural communication between two human beings—cannot be converted into intelligible form except by someone with appropriate decryption software/algorithm and a secret and/or shared decryption key.
In some contexts, sending a stream of undecipherable information that resembles no natural language in common use today may itself be a tip-off that an encryption process is being used, especially if one is using a communications medium that is rarely encrypted. For instance, if one is sending a text-based message via SMS, intervening systems between the communicating peers may be set up to scan for certain patterns of data or words. Since the encrypted stream may not appear to fit within acceptable parameters of potential listening parties or devices, the encrypted data stream may be flagged for additional analysis or disallowed altogether, ultimately alerting other entities to the fact the peers are communicating in a secure fashion. An attacker might be able to look for messages whose content indicates it has been encrypted, and concentrate on trying to break them—or apply so-called “traffic analysis” techniques to the encrypted messages in an attempt to learn something about the sender, the receiver or the messages they are exchanging. As one example, the mere knowledge that a secure message has been sent at a certain time from a certain place may in itself be valuable information even if the message content has not been exposed or decrypted.
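The kind of intermediate scanning described above can be sketched as follows. This is an added example, not part of the original text; the allowed alphabet, the two thresholds and all sample messages are constructed assumptions.

```python
import math
from collections import Counter

# Characters an ordinary English text message is expected to use (assumption).
PLAIN = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "0123456789 .,!?'\"-:;()@&")

def entropy_bits(msg: str) -> float:
    """Shannon entropy in bits per character, from the message's own counts."""
    n = len(msg)
    return -sum(c / n * math.log2(c / n) for c in Counter(msg).values())

def plain_ratio(msg: str) -> float:
    """Fraction of characters drawn from the expected plain-text alphabet."""
    return sum(ch in PLAIN for ch in msg) / len(msg)

def classify(msg: str, min_ratio: float = 0.9, max_entropy: float = 4.8) -> str:
    """Return 'flag' when the message does not look like natural-language text."""
    if not msg:
        return "pass"
    # Ciphertext uses byte values almost uniformly: few "plain" characters and
    # a near-flat character distribution. Both thresholds are assumptions.
    if plain_ratio(msg) < min_ratio or entropy_bits(msg) > max_entropy:
        return "flag"
    return "pass"

# Constructed samples: the plaintext sentence from the passage, a slang
# message, and a stand-in for raw ciphertext bytes shown as Latin-1 text.
SAMPLES = {
    "plain": "The lazy fox jumped over the brown dog",
    "slang": "c u l8r @ 7 lol",
    "cipher": bytes(range(0x80, 0xC0)).decode("latin-1"),
}

def scan(samples=SAMPLES):
    """Classify every sample and return {name: verdict}."""
    return {name: classify(text) for name, text in samples.items()}

if __name__ == "__main__":
    for name, verdict in scan().items():
        print(f"{name:7s} {verdict}")
```

A filter of this kind keys only on surface statistics of the message, which is why raw ciphertext stands out on a medium that normally carries plain text.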
Those skilled in the art are aware of so-called “steganography” (“hidden writing”) for hiding messages. Steganography is commonly understood to be the practice of hiding a message or picture, often within a larger message or picture. A picture that contains an embedded message or picture can often be indistinguishable to even the most sophisticated user. For example, during WWII, spies photographically created miniature messages in the form of “microdots” that were then adhered to ordinary documents such as newspapers or typewritten letters. The microdots masqueraded as periods or other punctuation marks in these ordinary documents. Other more ancient examples of hiding messages include writing on wooden tablets that are then covered by wax, and the use of invisible inks.
There are more modern, computer age examples of steganography. For example, it is known to hide a message within a color image. A color picture as stored and processed by computer is typically encoded as an RGB image with each pixel in the image (consisting of the three colors (Red, Blue and Green)) represented by an eight-bit number. Replacing the low-order bit of each of the three colors with a bit representing a bit of the desired text to be hidden will make virtually no change to the image as seen by a user. Another known but more complex steganography technique alters the relationship between the Discrete Cosine Transform (DCT) coefficients in a compressed (e.g., JPEG) image in a way that encodes a hidden message.
Steganographic techniques are also commonly used to embed watermarks or copyright information. Such techniques can be used to watermark audio and video files. Basically, today, anything in the digital age can be watermarked. Individual watermarking, for instance, can be used in a forensic analysis to provide an audit trail of where a pirated video originally came from.
A discussion of the techniques of steganography can be found in Stefan Katzenbeisser's book “Information Hiding Techniques for Steganography and Digital Watermarking” (Artech House 2000), incorporated herein by reference. The book discusses many of the aspects of information hiding. It surveys recent research results in the fields of watermarking and steganography, two disciplines generally referred to as information hiding. The book begins with an introduction to the field of information hiding, discussing the history of steganography and watermarking and possible applications to modern communication systems. Katzenbeisser introduces a model for steganographic communication (the ‘prisoners problem’) and discusses various steganographic protocols such as pure steganography, secret key steganography, public key steganography and supraliminal channels. He further discusses several information hiding methods useable for steganographic communication, among them substitution systems, hiding methods in two-color images, domain transform techniques, statistical steganography, distortion and cover generation techniques. In the steganalysis section, Neil F. Johnson introduces the concepts of steganalysis—the task of detecting and possibly removing steganographic information. Also included is an analysis of common steganographic tools.
Further in the book, watermarking techniques are introduced and the requirements and design issues for watermarking software are discussed. A survey of current watermarking techniques presents several design principles for watermarking systems, among them the choice of host locations, psychovisual aspects, the choice of a workspace (DFT, DCT, wavelet), the format of the watermark bits (spread spectrum, low-frequency watermark design), the watermark insertion operator and optimizations of the watermark receiver.
The robustness of copyright marking systems is discussed along with the issue of watermark robustness to intentional attacks. The chapter includes a taxonomy of possible attacks against watermarking systems, among them protocol attacks like inversion, oracle attacks, limitations of WWW spiders and system architecture issues.
A chapter on fingerprinting discusses principles and applications of statistical fingerprinting, asymmetric fingerprinting and anonymous fingerprinting. Finally, copyright on the Internet and watermarking is discussed: the book considers watermarking systems from a legal point of view and addresses various other aspects of copyright law on the Internet.
Obviously, there is considerable art in place for steganography. One such use of steganography is “Digimarc for Images”. This particular method is often available to end users in photo editing applications such as Photoshop. Digimarc allows the user to watermark a photo with embedded attributes such as “do not copy”, “adult content” etc. This information is passed along within the picture. Other software that is used to copy, print or view the image can utilize the embedded information to restrict a user's right to the picture.
The above technique can effectively hide a message or picture in a larger picture at a ratio of 8:1 and is thus inefficient for most information. Every time a user would want to send a steganographic text message, for example, a user would be sending thousands of bytes in the form of an image just to send a few bits of “payload” information. It may also be deduced by an adversarial party that the user's predilection to sending pictures was in fact a method to mask the true meaning of the communications.
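The low-order-bit substitution described earlier, and the 8:1 cover-to-payload cost noted above, can be worked through as follows. This is an added example, not part of the original text; the function names and the sample cover data are constructed for illustration.

```python
def embed(cover: bytes, payload: bytes) -> bytes:
    """Overwrite the low-order bit of successive colour bytes with the
    payload bits, most significant bit of each payload byte first."""
    bits = [(b >> (7 - i)) & 1 for b in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small: 8 colour bytes needed per payload byte")
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit   # keep the top 7 bits, replace bit 0
    return bytes(out)

def extract(stego: bytes, n_bytes: int) -> bytes:
    """Rebuild n_bytes of payload from the low-order bits of the colour bytes."""
    out = bytearray()
    for k in range(n_bytes):
        value = 0
        for colour in stego[8 * k: 8 * k + 8]:
            value = (value << 1) | (colour & 1)
        out.append(value)
    return bytes(out)

def cover_bytes_needed(payload_len: int) -> int:
    """One payload bit per colour byte gives the 8:1 ratio."""
    return payload_len * 8

def max_channel_change(before: bytes, after: bytes) -> int:
    """Largest change to any single colour value caused by embedding."""
    return max(abs(a - b) for a, b in zip(before, after))

# Constructed cover: 400 pixels x 3 colour bytes of a synthetic gradient.
COVER = bytes((i * 7) % 256 for i in range(1200))
MESSAGE = b"hello"   # constructed payload

if __name__ == "__main__":
    stego = embed(COVER, MESSAGE)
    print(extract(stego, len(MESSAGE)))        # recovered payload
    print(max_channel_change(COVER, stego))    # each colour value moves by at most 1
    print(cover_bytes_needed(140))             # cover bytes for one 140-byte SMS
```

A full 140-byte short message therefore needs at least 1120 bytes of raw pixel data as cover, before any image file overhead.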
Thus, it is not readily apparent how steganography could be used to hide SMS ciphertext.
We have determined that, in certain circumstances such as SMS or other short messaging, it would be desirable to further encode the enciphered data into another format that disguises the fact that the message was encrypted in the first place.
The exemplary illustrative non-limiting technology herein provides non-limiting steganographic processes and algorithms that allow for a lightweight peer-to-peer exchange of disguised cryptographic information masquerading as unencrypted natural language messages over insecure communications links.
The exemplary illustrative non-limiting light-weight technology herein can be used to implement secure technology using a small amount of computational power of the type available on low-cost portable, mobile or any other end-to-end devices (e.g., any embedded processing technology) and within limited message length constraints. For example, the exemplary illustrative non-limiting technology provides a reduced or minimal message encapsulation having low consumption of available message payload.
In simple terms, an illustrative algorithm can be used to obfuscate encrypted data content in SMS, Twitter or other short messaging. Furthermore, this technology can be used to disguise or pass off as natural language messages, any message oriented communications such as MMS, picture messages, email messages, other text documents/attachments, command and control messages, alerts messages, machine to machine messages, etc. on a variety of platforms.
Alternatively or in addition, rather than adhering to any particular standardized dictionary, dictionaries and/or text transformation algorithms used to convert enciphered text into text masquerading as natural language messaging can be employed that convert enciphered text to non-standard abbreviated or otherwise stylized text that is, to all but highly specialized human and/or machine analysis, essentially or substantially indistinguishable from commonly used texting vernacular in common use by modern texters such as teenagers. Since many natural language vernacular texts composed by teenagers will be gibberish to most adults and to any machine processes trained or programmed to recognize standard English, in addition or alternatively, the non-limiting techniques used herein can take advantage of the proliferation of a non-standard texting vernacular that defies analysis by standardized machine spell and grammar checking to provide text transformations yielding outputs that are statistically and/or otherwise indistinguishable from such texting vernacular in terms of word order (or lack thereof), misspellings, abbreviations, lack of punctuation, general style and other characteristics.
Example non-limiting target platforms with which the present technology can be useful include RIM's Blackberry devices, Apple iPhones and iPads, Google Android based devices, or any desired SMS or other short or other messaging platforms.